Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, July 28 • 11:15am - 12:30pm
Aleatory Persistent Threat

Sign up or log in to save this to your schedule and see who's attending!

Over the years, exploitation objectives have changed alongside the associated efforts by vendors to protect their software. Exploitation has moved from remote exploits on Unix servers to the community focusing on client-side targets, such as document viewers and browsers.

 

Some prime examples of these are the Aurora and IE peers zero-days actively exploited in the wild. These bugs answer many questions related to what the new breed of attacker is focusing on, yet all hype aside the real lesson is: botnet authors are learning how to fuzz for these vulnerabilities but are not able to write reliable exploits to accompany them.

 

With that premise in mind, this presentation intends to explore the techniques used to exploit the "use-after-free" bug class on Internet Explorer 8, diving into the API internals, reviewing the art of heap crafting and presenting new techniques to improve it.


Wednesday July 28, 2010 11:15am - 12:30pm
Day 1 - Programmatic

Attendees (13)